Anti-spam measures

The below is a belated summary of the the discussion of spamming
on the lir-wg list soon after RIPE 28. I'm copying it to John
Martin of TERENA as input to the BoF he is kindly organising
during RIPE 29 later this month.
Regards and happy new year.
Mike Norris
There was broad consensus that:
- spammers can be clever and operate professionally
- they can forge e-mail, IP addresses, even routes
- they constitute at least a nuisance to users
- they use inordinate levels of network and CPU
resource without any charge
- in some cases, the volume of traffic they generate
impacts seriously on the performance of a network
There were many calls for concerted action, for ISPs to back each
other up, even for RIPE to take legal action against spammers.
When it came to specifics, there were some points of good practice
which were generally accepted and from which all could
benefit. These included:
- filter inbound routes on AS
(lest spammers inject false routes and mail from the
corresponding IP addresses)
- configure sendmail to do relay only for specified hosts
(to prevent spammers from using your mail server as a
relay for spamming)
- no-relay patches on http://www.sendmail.org/
- use sendmail patches to check From and To addresses
- tighten up rules (and enforce them) for domain
registration/de-registration
- implement and enforce AUP and peering agreements
- make address harvesting difficult e.g. www.e-scrub.com/wpoison
Other anti-spamming defences, from the point of view of the recipient,
included:
- a daemon that checks the incoming mail queue for certain
patterns of use, domains, volume of messages, etc. If a
spam is detected, the daemon blocks reception of packets
from the address/domain originating the spam for about
15 minutes. After that the reception is restored.
- blocking SMTP access to bogus domains and addresses
(not just CyberPromo)
- accept the spam mail and don't deliver it
On the supply side, too, ISPs suggested a range of measures to
thwart spammers in their efforts to send bulk e-mail.
- charge per item for delivery of e-mail with advertising
material in it
- regulate the number of RCPTs from a given MAIL FROM value
(but how to authenticate the MAIL FROM value used?)
- force dialup customers to use their ISPs SMTP relay,
validate MAIL FROM value, check for forged headers,
check sender identity
There were those too who said that selective filtering, route
denial and other practices by ISPs were not the way to go. Just
because these were technically possible did not mean they had to
be used; to do so could set a dangerous precedent which could be
invoked in the future by outside agencies set on "controlling"
the Internet. Rather, the users should be enabled to do their own
filtering and many providers are equipping them with the means
to do so.
It is difficult, having seen the range of opinions expressed,
to see a consensus about concerted action involving intervention
in the mail transport mechanism, even in the European region.
of spammers and dynamically blocking their routes, both of which
are technically possible and already implemented in places.
On balance however, it seems that the considered view is on the side
of "freedom of speech".
Whatever, people felt that European ISPs should act in concert
and should adopt a common set of technical and administrative
anti-spam measures. These would start with those listed above
and might also include:
- Set up a mailing list for LIR postmasters
- Use digital signatures, with trusted SMTP servers
- For dialup access, use TACACS+
Legal action, too, had its proponents and opponents. Instances
of courts in Europe and USA finding against spammers were given,
and used to suggest that RIPE might even take up legal cudgels
against spammers and on behalf of its clients. As against this,
there is the argument that the industry should be self-regulated,
and that it should protect itself against itself. RIPE and the
NCC have successfully adopted this approach to deal with IP
address registration and other activities in Europe.
Contributors to the discussion were:
James Aldridge Sebastian Andersson Peppino Anselmi
Alex Bligh Adrian Bool Pedro Ramalho Carlos
Mickey Coggins Edgar Danielyan Jorgen Ericsson
Ina Faye-Lund Clive D.W. Feather Kevin Ferguson
Michael Ferioli gert at Space.Net Geert Jan de Groot
Stephan Hermann Nick Hilliard Keith C. Howell
Miroslaw Jaworski Poul-Henning Kamp Daniel Karrenberg
Mihkel Kraav Andres Kroonmaa Simon Leinen
Maarten E. Linthorst Javier Llopis Neil J. McRae
Andre Oppermann Chris Panayis Morten Reistad
Matt Ryan Luis Miguel Sequeira Paul Thornton
Mario Valente Espen Vestre Francois Weil
Toby Williams